Coming October 25: PeerSpot Awards will be announced! Learn more
2017-09-27T10:57:00Z
it_user728382 - PeerSpot reviewer
Category Analyst at a financial services firm with 5,001-10,000 employees
  • 3
  • 1

Expert Opinion on Palo-Alto Required.

Hi Everyone,

I am currently sourcing for an alternative firewall solution to replace the existing solution being used by my organization on commercial considerations and Palo-Alto has been recommended.

I have done a lot of research but I also need to compliment that with expert opinions.

5
PeerSpot user
5 Answers
Vendor
2017-10-03T11:17:45Z
03 October 17

I’m not an expert on Palo-Alto but what I do know is that they do offer of the top 3 IT security solutions in the world today. Most companies offer a very good firewall solution and one I can recommend is Check Point. Check Points Next generation firewall goes beyond the standard security protocols a lot of us as used to (Anti-Virus. Anti-Bot, URL filtering, Application control etc) and take it a step beyond by protecting your organization from unknown threats such as Ransomware and zero-day attacks (uniquely designed malware targeting specific customers).

They do this using Sandblast Zero day attack Protection application that quarantines the incoming data (such as an email attachment) in a Sandbox and then executes the application within the sand box monitoring its behaviour. Should it not like what the is looking for the software will take a snapshot of the content copy it to a pdf file and then send that on to the user whilst it cleans the infected file.

This not only prevents attacks but it also ensures business continuity. Please check out this link for more https://www.checkpoint.com/products-solutions/zero-day-protection/

PeerSpot user
Security Engineer at a financial services firm with 11-50 employees
Vendor
2017-10-02T10:14:51Z
02 October 17

I don't think so, there are many feature does not exist on NGFW please check UTM vs NGFW, UTM is more comprehensive and has extra features, on the other hand NGFW is faster and always used for perimeter firewall , But all depends on your needs, For example some NGFW may not have DLP
so please check if there appliance on your place has these features and chose upon that!

PeerSpot user
Network and Security Consultant at a tech services company
Consultant
2017-10-02T09:47:58Z
02 October 17

i already check gartner reports, i think UTM is legace now and NGFW id new
thanks

PeerSpot user
Security Engineer at a financial services firm with 11-50 employees
Vendor
2017-10-02T09:42:58Z
02 October 17

You can also check http://www.gartner.com, And make sure are you looking for UTM or NGFW

PeerSpot user
Network and Security Consultant at a tech services company
Consultant
2017-10-02T08:49:23Z
02 October 17

Dears
I really have same project and same recommended, my question is:
what is impact of NSS Lab in my decision? last report of nss lab, palo alto get 40% of security effectiveness .!!!

where is the firewall location ? core,edge....
what is throughput of the firewall after enable URL filtering ? not mention in sheets.

what is throughput of the firewall after enable ssl decryption ?

best regards

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 09, 2021
How does Cisco ASA Firewall compare with Palo Alto's WildFire? Which firewall is better and why?
See 1 answer
09 November 21
When looking to change our ASA Firewall, we looked into Palo Alto’s WildFire. It works especially in preventing advanced malware and zero-day exploits with real-time intelligence. The sandbox feature is the most useful in discovering zero-day threats before they can get to users’ systems. One of the features we liked more from WildFire was the multiplatform deployment. It can be deployed on-premises, on the cloud, or in a hybrid system. Palo Alto protects our network by keeping our cloud service secure across the company. Its price is affordable in relation to other solutions on the market. Wildfire integrates well with other systems of the Palo Alto family. The only downside is that the sandbox requires large file size limits. It could be useful if they provided bare metal analysis. The price is also high, so maybe it is not suitable for very small businesses. We were using Cisco ASA to provide access to our internal network to remote employees. The hardware is very reliable with almost no failure. Cisco ASA devices can run under extreme conditions without failing. It offers a good level of protection from threats and malware. The system, though, lacks the advanced features of next-generation firewalls. But for companies looking for a basic firewall, it can be a good option. The thing with Cisco ASA is that it is outdated. The interface hasn’t changed in years. It is complex to configure, too. Conclusions: Cisco ASA is best suited for small organizations that don’t require a lot of features. However, it is outdated and there are better choices for less money. Palo Alto is a next-generation firewall with advanced threat protection features. The interface is easy to use and you can’t beat the convenience of a cloud-based solution.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 09, 2021
Why?
See 2 answers
Richard Benfatto - PeerSpot reviewer
Networking Security Expert at SR Technologies
26 October 21
What type of network is? how many users?  Fortinet products are unique in that they have specific chips to work on hardware rather than overcharging a CPU to 90%, as happens with some Sophos boxes and others.  Things in the cloud... the cloud is a name, it is software running on someone else's computer system and could be only for you or multi-tenancy. Delays and other dramas may occur.  The question as I was invited to comment :| Which is better, does not tell anything, somehow.
Janet Staver - PeerSpot reviewer
Tech Blogger
09 November 21
FortiGate has a lot going for it and I consider it to be the best, most user-friendly firewall out there. What I like the most about it is that it has an attractive web dashboard with very easy navigation tabs; It can be managed and controlled using layer two wireless access points; When compared with other firewalls, building IPsec VPN and SSL VPN is much easier; I can configure virtual networks within the same firewall; And, configuration of NAT and static routes are straightforward. I would recommend it to any organization that needs to provide VPN access for their employees. FortiGate also has many security functions, such as application control, web filtering, IPS, antivirus, etc., that help companies protect their users. The FortiGate solution also helps optimize traffic from user to application via the hybrid WAN environment. I think what I like most about this solution is that I can combine security functions and SD-WAN, which allows me to scan traffic flow but also to protect the local application server or the user. For me, the downsides of FortiGate are that it happens to include many bugs, and sometimes it can be a challenge to block content from a website with web filtering since web pages contain websites that consume other resources. Moreover, mobile device administration is complicated, and it does not seem to adapt to smartphone or tablet screens very well. While it isn’t my favorite, WildFire provides the ability to block threats as they travers your network infrastructure both in retro-time and real-time. WildFire also has zero-trust and actively works to inspect traffic for malicious capabilities by forwarding a file to the WildFire cloud, even in the case that it doesn’t recognize what the file is doing. The reason why WildFire is not my first choice is because I feel that it is lacking many features and that they could improve by adding more functionality. But there doesn’t seem like there is a way to either tune or tweak the solution. If implemented correctly, though, it can be a good, robust solution to achieving great endpoint security. Conclusion: In my opinion, FortiGate is better than Wildfire because FortiGate meets my business needs better and has more appealing feature updates and roadmaps as well as great technical support, all of which are important to me.
Related Articles
Alex Vakulov - PeerSpot reviewer
Editor at a tech company with 11-50 employees
Sep 27, 2021
Small and big organizations often face targeted attacks. APT groups improve the quality of their operations, causing more serious damage. Timely detection and response, training of personnel, advanced training of information security department employees help reduce the risks associated with targeted attacks. The growth dynamics of APT (Advanced Persistent Threat) attacks has been declinin...
Related Articles
Alex Vakulov - PeerSpot reviewer
Editor at a tech company with 11-50 employees
Sep 27, 2021
More on Targeted Attacks and How to Protect Against Them
Small and big organizations often face targeted attacks. APT groups improve the quality of th...
Download Free Report
Download our free Palo Alto Networks NG Firewalls Report and get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
DOWNLOAD NOW
634,550 professionals have used our research since 2012.